sudo - Regain access to Ubuntu server
2014-07
I did a stupid mistake on my Ubuntu virtual server (Amazon). I was messing around with /etc/passwd & /etc/group files and i am about to lock my self out of the server for good. I have a copy of the original passwd+group files but i cannot copy them back because every time i try to sudo i get :
sudo: unknown uid 1000: who are you?
I am still logged in. Is there anything i can try? I am afraid that after i log out there is no way to bring it back.
Thanks in advance.
Unless you know the root password you won't be able to get root access to fix the /etc/passwd and /etc/group files. What you could do is:
- Stop the instance
- Create a new instance with the same AMI id
- Disconnect the volume from the first instance and connect it to the new instance
- Mount the volume and fix the config files
- Umount and disconnect the original instance's volume
- Connect the volume to the original instance
A more specific guide can be found at http://amazonserver.blogspot.nl/2013/01/recover-broken-amazon-ec2-instance.html
Lo and behold, I log into my machine today, as every day, su root
and it doesn't accept my root password any more. How could that possibly happen, assuming I didn't sleepwalk over to my machine during the night and change the password before going back to bed? Is it possible for me to regain control of this machine or is it game over?
You can regain control by:
- Booting in single user mode (on grub, edit actual kernel by pressing e, add "single" at the end, boot with b
- Boot a live CD, chroot (google this)
- in both ways, then change your password
But: If you can't recall yourself changing the password, reinstall that machine!
In Ubuntu you are probably still a "sudoer", so you should be able to use sudo
with your user password (not the root one). From there you are then able to reset root's password.
$ sudo passwd
Before you reload your system try using chage to see when the password was changed (if it was) or if its simply expired. You can also check /var/log/secure.
reinstalling a system simply because the password expired would be pretty silly.
I have had "password" issues when my root directory (/) is 100% full.
I run a cron script which rsyncs to an external hard drive which wasn't mounted at runtime. rsync doesn't care what device/partition the directory is mapped to, so it went ahead and filled up /external_hd. Normally, /external_hd is the 1TB device sitting on top of my computer tower. But when it's not mounted (e.g. the external hard drive is not on), the directory is still there, so it writes to the / partition (by default it'd create the directory anyway, I believe). Next time I restarted I couldn't log in to Ubuntu, getting an error on user name/password. Once I deleted files, everything worked as expected.
I've also had this issue when running Amazon's MP3 downloader and a full /. It gives you a permissions type error and running the app under gksudo doesn't solve it.
Eventually, I stopped being so lazy and changed the script to skip rsyncing to external if it wasn't mounted.
I like the solution of "honk" but you can shorten that:
sudo passwd
is enough to change the password of root. :-)
(Can't comment" on his answer, so I'm posting a new one)